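# This workflow is used to update the custom tooling versions for the project.
#
# We prefer to use Dependabot to update external dependencies, but at this time
# it does not include Homebrew as a supported package manager
# (https://docs.github.com/en/code-security/dependabot/ecosystems-supported-by-dependabot/supported-ecosystems-and-repositories).
# Furthermore, neither `swiftlint` nor `clang-format` are listed as
# dependencies in our repository, therefore they are not picked up by
# Dependabot either.
#
# Therefore we are using a custom workflow to update relevant files and open a
# pull request with the changes.
name: "Automation: Update tooling versions"

on:
  schedule:
    - cron: "0 0 * * *"
  workflow_dispatch:
  pull_request:

# Permissions configuration:
# - The workflow-level default is read-only. Write scopes are granted per job,
#   so only the job that commits and opens pull requests holds them.
permissions:
  contents: read

# Concurrency configuration:
# - Runs that can create branches and pull requests (schedule and
#   workflow_dispatch) share one group, so they never run simultaneously and
#   cannot produce conflicting branches or duplicate PRs.
# - Pull request runs get one group per PR ref. With a single shared group, a
#   run for one PR (or the nightly run) would cancel the run of another PR,
#   and the required check at the end of this workflow treats 'cancelled' as a
#   failure.
# - We enable cancellation of in-progress runs because only the most recent
#   run in a group matters. There's no value in completing outdated runs, and
#   this conserves GitHub Actions minutes.
concurrency:
  group: "auto-update-tools-${{ github.event_name == 'pull_request' && github.ref || 'update' }}"
  cancel-in-progress: true

jobs:
  # This job detects if the PR contains changes that require running
  # auto-update-tools, and exposes the result as a job output.
  # If yes, the next job runs auto-update-tools; if no, the next job is skipped.
  # At the end of this workflow, auto_update_tools-required-check validates
  # that auto-update-tools either passed or was skipped.
  files-changed:
    name: Detect File Changes
    runs-on: ubuntu-latest
    # Read-only: checkout needs 'contents: read', and dorny/paths-filter lists
    # the changed files of a pull request through the API ('pull-requests: read').
    permissions:
      contents: read
      pull-requests: read
    # Map a step output to a job output
    outputs:
      run_auto_update_tools_for_prs: ${{ steps.changes.outputs.run_auto_update_tools_for_prs }}
    steps:
      # NOTE(review): actions/checkout is referenced by a mutable tag, while the
      # third-party actions in this file are pinned to full commit SHAs.
      # Consider pinning it to the commit SHA of the v5 release as well.
      - uses: actions/checkout@v5
      - name: Get changed files
        id: changes
        uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
        with:
          token: ${{ github.token }}
          filters: .github/file-filters.yml

  auto-update-tools:
    if: github.event_name != 'pull_request' || needs.files-changed.outputs.run_auto_update_tools_for_prs == 'true'
    needs: files-changed
    runs-on: macos-15
    # - 'contents: write' is required to allow the workflow to commit changes to
    #   the repository when updating the tooling version files and creating
    #   branches for pull requests.
    # - 'pull-requests: write' is required to allow the workflow to create pull
    #   requests using the peter-evans/create-pull-request action when tooling
    #   version updates are available.
    # NOTE(review): this job also runs for pull_request events, where the two
    # PR-creating steps are skipped. The `make` targets and the diagnostics
    # script then come from the checked-out PR code and run in a job whose
    # token carries these write scopes. Consider moving the PR validation into
    # a separate read-only job or workflow.
    permissions:
      contents: write
      pull-requests: write
    steps:
      # NOTE(review): mutable tag, see the note on the checkout step in the
      # files-changed job. checkout keeps the token in the local git config by
      # default; confirm whether create-pull-request works with
      # 'persist-credentials: false' before disabling that here.
      - name: Checkout Repository
        uses: actions/checkout@v5
      - name: Update Homebrew
        run: brew update
      - name: Install Tools
        run: make init
      - name: Update tooling versions
        run: make update-versions
      - name: Check tooling versions
        run: make check-versions
      - name: Print git status and changes
        run: |
          git status
          git diff HEAD
      # Pull requests are only opened by scheduled and manually dispatched runs.
      - name: Create pull request for clang-format version
        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
        if: ${{ github.event_name == 'schedule' || github.event_name == 'workflow_dispatch' }}
        with:
          add-paths: scripts/.clang-format-version
          branch: github-actions/auto-update-tools-clang-format
          commit-message: "chore(deps): Update clang-format version"
          delete-branch: true
          title: "chore(deps): Update clang-format version"
          sign-commits: true
          base: main
      - name: Create pull request for swiftlint version
        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
        if: ${{ github.event_name == 'schedule' || github.event_name == 'workflow_dispatch' }}
        with:
          add-paths: scripts/.swiftlint-version
          branch: github-actions/auto-update-tools-swiftlint
          commit-message: "chore(deps): Update swiftlint version"
          delete-branch: true
          title: "chore(deps): Update swiftlint version"
          sign-commits: true
          base: main
      - name: Run CI Diagnostics
        if: failure()
        run: ./scripts/ci-diagnostics.sh

  # This check validates that auto-update-tools either passed or was skipped.
  # That allows us to make it a required check while only running
  # auto-update-tools when required, so we don't have to run it, for example,
  # for unrelated changes.
  auto_update_tools-required-check:
    needs:
      - files-changed
      - auto-update-tools
    name: Auto Update Tools
    # This is necessary since a failed/skipped dependent job would cause this job to be skipped
    if: always()
    runs-on: ubuntu-latest
    # This job only inspects the results of the jobs it depends on; it needs no token scopes.
    permissions: {}
    steps:
      # If any job we depend on fails, gets cancelled or times out, this job will fail.
      # Skipped jobs are not considered failures.
      - name: Check for failures
        if: contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled')
        run: |
          echo "One of the auto-update-tools jobs has failed." && exit 1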